This is the latest in the web’s massive shift from non-secure HTTP to the more secure, encrypted HTTPS protocol. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. HTTPS fixes most of these problems. That’s why EFF and others have been working to encourage websites to offer HTTPS by default.

Users should be able to expect HTTPS by default.

And browsers have been an important part of the equation to push secure browsing forward. Last year, Chrome and Firefox started showing users “Not secure” warnings when HTTP websites asked them to submit password or credit card information. And last October, Chrome expanded the warning to cover all input fields, as well as all pages viewed over HTTP in Incognito mode.

Chrome’s most recent move to show “not secure” warnings on all HTTP pages reflects an important, ongoing shift for user expectations: users should be able to expect HTTPS encryption—and the privacy and integrity it ensures—by default. Looking ahead, Chrome plans to remove the “Secure” indicator next to HTTPS sites, indicating that encrypted HTTPS connections are increasingly the norm (even on sites that don’t accept user input).

For website owners and administrators, these changes come at a time when offering HTTPS is easier and cheaper than ever thanks to certificate authorities like Let’s Encrypt. Certificate Authorities (CAs) issue signed, digital certificates to website owners that help web users and their browsers independently verify the association between a particular HTTPS site and a cryptographic key. Let’s Encrypt stands out because it offers these certificates for free and in a manner that facilitates automation. And, with EFF’s Certbot and other Let’s Encrypt client applications, certificates are easier than ever for webmasters and website administrators to get.
